The Scattered Spider cybercriminal group has reportedly become an affiliate of the BlackCat (ALPHV) ransomware-as-a-service operation.
CISA and the FBI have published a joint advisory alerting organisations to the heightened threat posed by the Scattered Spider cybercriminal group. The advisory reports that the group now operates as an affiliate of the BlackCat (ALPHV) ransomware-as-a-service, adding file encryption to its existing data-theft extortion and widening the damage a successful intrusion can cause.
The advisory follows recent joint CISA and FBI advisories on the Rhysida and Royal ransomware operations, both of which have been targeting organisations across many sectors worldwide.
Scattered Spider has adopted the BlackCat ransomware to improve its attacks.
Scattered Spider, known for social engineering-driven data theft and extortion, has now added the BlackCat ransomware to its toolkit.
In recent intrusions the group has exfiltrated sensitive data and then used BlackCat to encrypt VMware Elastic Sky X integrated (ESXi) servers. The attackers then communicate with their victims over channels such as TOR, Tox, email, or encrypted messaging applications.
The advisory describes a multi-stage approach: phishing (including phone calls in which the attackers impersonate company IT or helpdesk staff), MFA push bombing, and SIM swapping are used to obtain credentials, bypass multi-factor authentication (MFA), and install remote access tools.
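As an added illustration (not code from the advisory or this article), the following Python detection flags the push-bombing pattern in identity-provider sign-in logs: a burst of denied or expired push prompts for one account followed by an approval. The JSON-lines layout, the field names and the sample events are constructed assumptions; map them onto the sign-in log schema of your own identity provider.

```python
"""Flag MFA push bombing (MFA fatigue) in identity-provider sign-in logs.

Added example; not code from the CISA/FBI advisory. The JSON-lines layout,
field names and events below are constructed assumptions for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). j.doe is bombed with four
# prompts in a few minutes and finally taps "approve"; a.smith denies one
# prompt and approves the next, which is normal user behaviour. The 01:30
# denial for j.doe is outside the window and must not count.
SAMPLE_LOG = """
{"ts": "2023-11-16T01:30:00Z", "user": "j.doe",   "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2023-11-16T02:01:05Z", "user": "j.doe",   "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2023-11-16T02:01:40Z", "user": "j.doe",   "event": "mfa_push", "result": "timeout",  "src_ip": "203.0.113.7"}
{"ts": "2023-11-16T02:02:15Z", "user": "a.smith", "event": "mfa_push", "result": "denied",   "src_ip": "198.51.100.4"}
{"ts": "2023-11-16T02:02:15Z", "user": "j.doe",   "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2023-11-16T02:02:50Z", "user": "a.smith", "event": "mfa_push", "result": "approved", "src_ip": "198.51.100.4"}
{"ts": "2023-11-16T02:03:00Z", "user": "j.doe",   "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2023-11-16T02:04:10Z", "user": "j.doe",   "event": "mfa_push", "result": "approved", "src_ip": "203.0.113.7"}
{"ts": "2023-11-16T02:04:30Z", "user": "j.doe",   "event": "login",    "result": "success",  "src_ip": "203.0.113.7"}
"""

WINDOW = timedelta(minutes=10)   # how far back failed prompts count
THRESHOLD = 3                    # failed prompts before an approval that trigger an alert


def parse_events(text):
    """Parse JSON-lines sign-in events and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def detect_push_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per approval that was preceded, within `window`, by at
    least `threshold` denied or expired push prompts for the same account."""
    recent = defaultdict(deque)   # user -> deque of (ts, src_ip) for failed pushes
    alerts = []
    for ev in events:
        if ev["event"] != "mfa_push":
            continue
        q = recent[ev["user"]]
        # Drop failures older than the window so a stale denial from an hour
        # ago does not count towards the current burst.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if ev["result"] in ("denied", "timeout"):
            q.append((ev["ts"], ev["src_ip"]))
        elif ev["result"] == "approved":
            if len(q) >= threshold:
                alerts.append({
                    "user": ev["user"],
                    "approved_at": ev["ts"].isoformat(),
                    "failed_count": len(q),
                    "burst_seconds": int((ev["ts"] - q[0][0]).total_seconds()),
                    "src_ips": sorted({ip for _, ip in q} | {ev["src_ip"]}),
                })
            q.clear()   # an approval ends the burst either way
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

The approval that follows the burst is the event worth paging on, because it is the moment the attacker gains a session; the subsequent successful login and any new device or MFA method registration for the same account should be correlated with it. Tune the window and threshold to your environment, and note that the detection only buys time: number matching or phishing-resistant MFA removes the "tap approve to make it stop" option entirely.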
Once inside, the group runs legitimate remote access and tunnelling tools such as Fleetdeck[.]io, ngrok, and Pulseway. Because these are commercial or open-source administration tools rather than malware, their processes and network traffic blend in with normal activity; this living-off-the-land approach is what lets the group evade security detections.
The group also deploys commodity malware such as AveMaria (WarZone RAT), Raccoon Stealer, and Vidar Stealer to harvest login credentials, browser histories, and cookies, which feed further lateral movement and the eventual data theft and encryption.
The agencies urge organisations to tighten their defences. Recommendations include application allowlisting to control which software can execute, phishing-resistant MFA (such as FIDO/WebAuthn), following best practices for securing Remote Desktop Protocol (RDP), and deploying Endpoint Detection and Response (EDR) tools to monitor endpoints for anomalous activity. Push bombing and SIM swapping specifically target push-notification and SMS-based MFA, so the MFA method in use matters more than simply having MFA enabled.
The partnership between Scattered Spider and BlackCat shows how quickly cybercriminal threats evolve across industries worldwide. Organisations should stay vigilant, follow established security practices, and treat this joint advisory as a prompt to review their exposure to social engineering and MFA bypass before an intrusion, not after.